Hi @Rem Markov ,

I saw this previously, saw "µseg EPGS" and cringed. And forgot about it. 

Since you've had no replies, I suspect many others have had the same reaction.

If I had to do this, I'd split the EPG into two EPGs - one for load balancer and one for nodes. However, I'm not really sure why the load balancers are being split off.

Perhaps my comment my spur someone who is a fan of µSeg EPGs to tell me I'm wrong and give you better advice.

I truly understand that people here really dislike useg, and I too find it a weird concept.

Now I would love to avoid it, but the question is how can I segment on BD to 2 epg when the segmentation should be by IP address?

Is there a better way?

Hi @Rem Markov ,

---

 

Now I would love to avoid it, but the question is how can I segment on BD to 2 epg when the segmentation should be by IP address?

• Firstly, forget whatever you learned about "VLAN=subnet"
• Secondly, allocate another VLAN for say the nodes (as apposed to the load balancers in your description). Make sure it is in the same VLAN Pool as your existing "cluster" VLAN 
• Next, create the new EPG for the nodes - let's call it Nodes_EPG
• Statically map every port where nodes attach to this EPG for the new VLAN
• Apply the same contracts and direction to the Nodes_EPG as you have for the "cluster" EPG
  • This is assuming you want this - see NOTE below
• Create and apply a contract that allow the Nodes to reach the load balancers (and/or vice versa) for the permitted protocols you want to allow
  • NOTE: If you wish to allow ALL traffic between the Nodes and the load balancers, and you are indeed allowing exactly the same traffic to the Nodes_EPG as the "cluster" EPG, then scrap all these steps and DO NOTHING - leave it as it is, otherwise you are just creating work for work's sake (OK if you charge by the hour)
• Finally, configure the Access Ports or Hypervisor Port Group for all Nodes to be the VLAN you've linked to the Nodes_EPG
• Job done.

I suppose it is a way of doing it, but i'm a bit confused.

Lets say now I have a vlan for "nodes" where is the vlan for load balancers?

Also, the case is like that,

I have 10 leafs and all the leaves have some servers attached to them.

I want to have one vlan running on each of the attached interfaces, the only segmentation I want is purely ip based.

Lets say on node A which is connected to leaf 103 eth1/4 might have some loadbalancers on his and also the node ips.

Hi @Rem Markov ,

Sounds like you haven't completed step 1 from my last answer: 

• Firstly, forget whatever you learned about "VLAN=subnet"

so - to your question

---

Lets say on node A which is connected to leaf 103 eth1/4 might have some loadbalancers on his and also the node ips.

---

Then you:

• assign interface leaf 103 eth1/4 to the Loadbalancers_EPG on VLAN x (x=existing VLAN)
• assign interface leaf 103 eth1/4 to the Nodes_EPG on VLAN y (y=new VLAN as described in the last answer)

Alternatively, you can configure the AAEP so that VLAN y always gets traffic assigned to the Nodes_EPG - which is far easier but makes troubleshooting a little tricker later on. I'd suggest you use the same method that has been used previously.

Check some of my previous answers for more information about "mapping up" and "mapping down" if you are not familiar with the two ways of assigning VLANs to EPGs

https://community.cisco.com/t5/application-centric-infrastructure/what-would-be-the-benefits-of-using-the-aaep-application-epg/m-p/4765796/highlight/true#M13502

https://community.cisco.com/t5/application-centric-infrastructure/aaep-to-epg-setup-without-static-ports/m-p/5006737/highlight/true#M15205